The security firm said that the media player is in fact Backdoor.Edunet.A which uses compromised computers to send commands to a series of mail servers.
BitDefender said that the mail servers are used to spread spam, and are mostly in the .edu and .mil domains.
The list of servers is retrieved by the Trojan from a series of web servers which are either compromised or part of the attackers' own network. The list is continuously changing, but that of the targets has so far remained constant.
The Trojan sends the commands in the hope of finding an open relay, a mis-configured mail server that allows anyone to send emails.
This essentially makes it appear that any mail originating from the Trojan has been sent from the open relay.
BitDefender researchers have determined that, at least currently, none of the servers in the current target list is actually vulnerable.
"It is not every day that you stumble on the workings of an honest-to-God hacking ring, let alone one that has a predilection for using military and university-run mail servers as spam relays," said Sorin Dudea, head of antivirus Research at BitDefender.
"It would be interesting to identify what, if anything, the institutions that own the targeted servers have in common."
.png&h=140&w=231&c=1&s=0)
.png&h=140&w=231&c=1&s=0)
.png&w=120&c=1&s=0)
Tech in Gov 2025
Forrester's Technology & Innovation Summit APAC 2025
.png&w=120&c=1&s=0)
Security Exhibition & Conference 2025
Integrate Expo 2025
Digital As Usual Cybersecurity Roadshow: Brisbane edition
.jpg&h=271&w=480&c=1&s=1)
.jpg&h=140&w=231&c=1&s=0)
.jpg&h=140&w=231&c=1&s=0)
